GLSA
Bodhisattva
Joined: 13 Jun 2003
Posts: 4087
Location: Dresden, Germany
|
 Posted: Thu Mar 31, 2005 11:51 am Post subject: [ GLSA 200503-37 ] LimeWire: Disclosure of sensitive informa |
 |
|
Gentoo Linux Security Advisory
Title: LimeWire: Disclosure of sensitive information (GLSA 200503-37)
Severity: low
Exploitable: remote
Date: March 31, 2005
Bug(s): #85380
ID: 200503-37
Synopsis
Two vulnerabilities in LimeWire can be exploited to disclose sensitive information.
Background
LimeWire is a Java peer-to-peer client compatible with the Gnutella file-sharing protocol.
Affected Packages
Package: net-p2p/limewire
Vulnerable: < 4.8.1
Unaffected: >= 4.8.1
Architectures: All supported architectures
Description
Two input validation errors were found in the handling of Gnutella GET requests (CAN-2005-0788) and magnet requests (CAN-2005-0789).
Impact
A remote attacker can craft a specific Gnutella GET request or use directory traversal on magnet requests to read arbitrary files on the system with the rights of the user running LimeWire.
Workaround
There is no known workaround at this time.
Resolution
All LimeWire users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-p2p/limewire-4.8.1" |
References
CAN-2005-0788
CAN-2005-0789
Secunia Advisory SA14555
Last edited by GLSA on Fri Mar 27, 2009 4:16 am; edited 3 times in total |
|
News & Announcements
